/*
 * COPYRIGHT. HSBC HOLDINGS PLC 2016. ALL RIGHTS RESERVED.
 * 
 * This software is only to be used for the purpose for which it has been
 * provided. No part of it is to be reproduced, disassembled, transmitted,
 * stored in a retrieval system nor translated in any human or computer
 * language in any way or for any other purposes whatsoever without the
 * written consent of HSBC Holdings plc.
 */
package com.pactera.integral.security.web;

import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;

import org.springframework.security.web.util.matcher.RegexRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

/**
 *  CsrfSecurityRequestMatcher for CSRF .
 */
public class CsrfSecurityRequestMatcher implements RequestMatcher {
    /**
     * @field allowedMethods
     */
    private static final Pattern allowedMethods = Pattern.compile("^(GET|POST|HEAD|TRACE|OPTIONS)$");
    /**
     * @field unprotectedMatcher
     */
    private static final RegexRequestMatcher unprotectedMatcher = new RegexRequestMatcher("/.*", null);

    /**
     * @param request request
     * @return boolean
     * @see org.springframework.security.web.util.matcher.RequestMatcher
     * #matches(javax.servlet.http.HttpServletRequest)
     */
    @Override
    public boolean matches(final HttpServletRequest request) {
        if (allowedMethods.matcher(request.getMethod()).matches()) {
            return false;
        }
        return !unprotectedMatcher.matches(request);
    }
}
